Apple and Google will limit contact tracing data extraction and require health authorities to sign legal documents before accessing APIs.
Apple and Google set limits for contact tracing
To access APIs for Apple and Google's exposure notification (the name of Apple and Google's contact tracing solution), health authorities will sign legal documents agreeing to certain conditions. Health authorities cannot access location data, nor can they ask users for access to their location data. This is a big stipulation for health authorities, as it protects users who opt-in to the exposure notification tracking.
Users will have to agree to certain data extraction at various stages in the process, giving them the right to opt-out at any time. Contrary to apps of the past, users won't have to "always agree" to give information over to developers and companies. The API will only work for one app per country/region. This denies health authorities the ability to mine more information on two or more apps.
Apps must limit the user data they mine from user interaction. Apps must not be data-hungry. Last but never least, apps must only exist for the sake of aiding in the coronavirus pandemic effort. After the COVID-19 war is past, apps must be done away with. They cannot remain past the COVID-19 war and they cannot target users with ads.
Why the limits?
Health authorities may find that the conditions for app creation (per Apple and Google) are a bit tough. And they are. These limits are designed to prevent health authorities from mining more information than they should. Both Apple and Google want their exposure notification tracking API to benefit the pandemic and honor user privacy simultaneously. Whenever stipulations are not in place, companies mine far more data than they should.
Google is learning this with its Android 10 update from last Fall. In the Android 10 update, Google gives users the ability to limit how much information they share with companies. Users can now limit how long they give up location data, for instance. Health authorities don't need a user's location data, since the goal of contact tracing is anonymity for users. Users cannot know that "Billy Bob" who lives next door has COVID-19, any more than that individual could have access to a user's HIV/AIDS information. Anonymity protects users and honors their medical privacy rights.
Exposure Notification Tracking: How it works
Exposure notification tracking utilizes Bluetooth keys to detect when phones are in proximity to one another. Users must opt-in to put the notification tracking to use. Once users opt-in to the technology, their Bluetooth will work to detect those with whom they come in contact. Exposure notification only works with the aid of users. A user must report to an app that he or she is sick with COVID-19. At that point, users with whom the individual has come in contact will be notified via Bluetooth. They will receive an exposure notification, hence the name of Google and Apple's technology.
Google and Apple have said that the numbers representing individuals will be randomly generated and change often, enforcing anonymity. The partnering companies have released an early version of the technology to developers. Both companies will update their operating systems, then leave it to developers to create apps that utilize its contact tracing.